Big three spearhead Web-services security standards

Microsoft, IBM and VeriSign are spearheading an effort to create a security standard for Web-based services, something each company admits is desperately needed if their future plans are to thrive.

"What we've been hearing from our customers is, 'We love Web services, but you guys need to go and figure out the security stuff,'" said Adam Sohn, a Microsoft program manager in platform strategy.

The announcement comes shortly after Redmond-based Microsoft announced a patch to fix 10 security vulnerabilities in its Web server software, and several months after the software giant announced a companywide focus on making its products more secure.

Representatives from the three companies said in interviews this week that they hope to avoid such failings in the future by coming up with a comprehensive security strategy before their Web-based services products hit the market in full force.

Microsoft likely has the most to gain from such a plan. The company is in the process of introducing its .NET strategy for providing people with a range of services, from making doctors' appointments to getting personalized driving directions, over the Internet. The plan will rely on customers trusting Microsoft and other companies to hold and transmit personal information ranging from health records to credit card numbers without breaching security or privacy.");document.write("

advertisement

");
}
}
// -->

The three companies will soon unveil the overall strategy and the first part of the plan, called WS-Security. Eventually, said Arvind Krishna, IBM vice president for security products, they hope other technology companies also will embrace the initiative and make it an open standard.

While the three companies said the security plan aims to benefit everyone equally, John Pescatore, a vice president at research firm Gartner, said the plan appears to be designed to work best in a Microsoft Windows-based environment, and ignores already-existing security standards initiatives.